Â Information Security (IS) concept hasÂ been under a continuous evolvement. Initially, IS was a technical concept as creators of software and computer systems struggled to make the system more trustworthy. The fundamental requirement for this purpose was to let the systems be accessed and operated only by authorized persons. Hence Access control was the prime focus of the technology. Gradually other technological measures such as Intrusion detection, malware detection, etc emerged as a support to the Access Control requirements. Additionally measures such as Digital Signatures, PKI etc developed. These technical measures form the first dimension of IS.

As the markets evolved, Cyber Crimes developed, there was a felt need in the market for regulatory influence and mandate on IS. This gave raise to legislations such as Computer Abuse Act, CANSPAM Act, ITA 2000 etc. This wave of first generation legislations were aimed at penalizing unauthorised access. In the second generation of legislations such as Data Protection Act, HIPAA, ITA 2008 etc, the legislative focus started prescribing information security practices as a part of legislation. This added the second dimension of Information Security and made IS, a Techno Legal approach.

Time is now ripe to expand the Techno legal concept further with the recognition that “People” are a key ingredient of Information Security and managing humans is also part of information security. Thus the “behavioural Science Aspects” become an essential part of IS. Under this head we need to study how and why humans are influenced to follow or resist information security measures, how and why people develop deviant behaviours leading to data breaches and how human behaviour can be corrected and directed towards building a “Security Culture”.

With the addition of this third dimension, IS practiceÂ now requires a Techno Legal Behavioural Science Approach or TLBS Approach.

Under the new dimension of behavioural Science aspects of IS, we add issues such asÂ the “Theory of Information Security Motivation” to discuss how people can be motivated to implement Information Security. In the same dimension, a debate has also been openedÂ for discussing if there is a factor such as “Technology Intoxication” that drives an IT worker towards “Compulsive Cyber Offence Syndrome”.

It is now time for Behavioural Science specialists to join the IS community and try to find out solutions to Behavioural Science issues.

Leave A Reply

Advertisements

BloggerNews On The Air

We are pleased to announce our latest endeavor, Blogger News is now sponsoring some radio shows on Blog Talk Radio. You can check our full schedule, and listen to previous broadcasts here, and we hope that you will join us on the air in this new venture.